TL;DR
- Mehdi Farooq, partner at Hypersphere, lost six wallets and years of savings after a phishing attack involving a fake Zoom call.
- The attack exploited trust by hijacking a known contact’s Telegram account.
- Farooq later identified the threat actor as “dangrouspassword,” a group affiliated with North Korea.
Earlier this week, Mehdi Farooq, a partner at crypto venture firm Hypersphere and former Animoca Brands executive, shared a personal account of a devastating scam. In a post on X, Farooq revealed that he lost the majority of his crypto savings in under ten minutes, after falling victim to a highly targeted phishing attack through a fake Zoom meeting.
The incident began when Farooq received a seemingly harmless message on Telegram from “Alex Lin,” a contact he already knew. Lin suggested catching up, which appeared natural given their past interactions. Farooq sent over his Calendly link, and Lin scheduled a meeting. Minutes before it was supposed to happen, Lin asked to switch to Zoom Business, citing “compliance” and mentioning another familiar name, Kent, would also join.
Hackers Exploit Familiarity And Routine
The deception was subtle and calculated. The Zoom call included video streams of both supposed participants, but with no audio. Through the in-call chat, they prompted Farooq to update Zoom to fix the issue. He followed instructions—and within moments, the real damage began.
Farooq’s system was compromised immediately after installing the malicious update. Six of his crypto wallets were drained, representing years of careful accumulation and investment. While his funds were being stolen, the impersonator kept chatting on Telegram, even joking, “Let’s catch up at SG,” which made the betrayal even more disorienting.
Farooq posted a video clip of the fake Zoom moment and called it “surreal and completely violating.” The tweet, which gained traction within the crypto space, sparked conversations around the increasing frequency of social engineering attacks and the emotional toll they inflict.
Phishing Campaigns Intensify Across Crypto Sector
Farooq later found that the Telegram account of Alex Lin had been hijacked, and that the attack was linked to a North Korean, affiliated group known as “dangrouspassword.” The breach wasn’t an isolated case. In recent months, other high-profile attacks have included phishing letters impersonating Ledger, mailed via USPS, and even a case where $330 million in Bitcoin was stolen from an elderly individual.
Despite the loss, Farooq highlighted an unexpected bright spot. In his darkest moment, complete strangers, white-hat hackers, stepped in to offer assistance. The incident is a stark reminder for everyone in crypto: trust must always be verified, especially when money is only one click away.
